Unable to import openapi 3 spec with bearer auth

1

I'm unable to import my openapi spec which has bearer auth configured. I get the following error:
Your API was not imported due to errors in the Swagger file.
Unsupported security definition type 'http' for 'bearerAuth'. Ignoring.

This error can be reproduced with a trivial example openapi spec shown below:

openapi: '3.0.0'
info:
  version: '1.0.0'
  title: 'Test AWS API Gateway'

servers:
  - url: https://example.mydomain.com/v1
paths:
  /test:
    get:
      summary: Returns test data
      operationId: getTestData
      responses:
        '200':
          description: Returns test data
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/testresponse'
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      
  schemas:
    testresponse:
      type: object
      properties:
        test:
          type: string
          example: 'test1'
security:
  - bearerAuth: []

Is type http not supported in AWS API Gateway?
The bearerAuth definition is taken from the openapi docs: https://swagger.io/docs/specification/authentication/bearer-authentication/

Whats wrong with the spec I posted above and how do I make the import work? (I do NOT want to ignore errors as I want the auth to work)

preguntada hace 5 años3310 visualizaciones
2 Respuestas
2

You have to use: type: apiKey

While the more specifcation-compliant http is accepted by the OpenAPI spec validator, it simply doesn't work. API Gateway only supports apiKey in this context.

You can leave the other options there, they don't seem to do any harm. But you should also specify the name of the Authorization header.

Example that will also create the authorizer for you:

  securitySchemes:
    bearerAuth:
      type: apiKey
      scheme: bearer
      bearerFormat: JWT
      name: Authorization
      in: header
      x-amazon-apigateway-authtype: custom
      x-amazon-apigateway-authorizer:
        type: token
        authorizerCredentials: ${authorizerCredentials}
        authorizerUri: ${authorizerUri}
respondido hace 4 años
1

Bumping this.

Just spent a good 3 hours on solving this. Like the answer suggests, apiKey indeed does work.

But how the hell is API-Gateway OpenAPI 3.^ compliant if it does not support basic open API securiySchemes?

On top of this, AWS API-Gateway supports both Request and Token based authentication. How am I supposed to achieve request auth programmatically without this construct present?

  securitySchemes:
    LambdaAuth:
      type: apiKey
      bearerFormat: JWT
      name: Authorization
      in: header
      scheme: bearer
      x-amazon-apigateway-authtype: custom
      x-amazon-apigateway-authorizer:
        type: request
        identitySource : method.request.header.Authorization
        authorizerUri: !Sub  "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/${lambdaARN}/invocations"

If I use request here, the whole thing keep failing coz I cannot have the basic construct.

respondido hace 4 años
  • That's the neat part @anirudhr, it isn't, and never has been for some reason. Frustratingly so

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas